Show Dependency Scanning results in the Group Security Dashboard
Problem to solve
The Group Security Dashboard currently shows only SAST results. This is a good starting point, but we need to add more sources of vulnerabilities and cover all the reports we have.
The next step is to add Dependency Scanning results to the dashboard.
Further details
This issue requires https://gitlab.com/gitlab-org/gitlab-ee/issues/6718 to be merged in a previous iteration.
Proposal
These are the requirements:
- add Dependency Scanning to the list of sources (see https://gitlab.com/gitlab-org/gitlab-ee/issues/6240)
- the results will be shown in the list, with action items available, in a way as similar as possible to SAST
- the summary and metrics must consider both SAST and Dependency Scanning results
Design
Design Specs:
What does success look like, and how can we measure that?
Security teams will use the Group Security Dashboard to fix their Dependency Scanning vulnerabilities.